Skip to main content
IT Services

Phishing

What are they?

Phishing is an attempt to obtain sensitive or personal information such as usernames, passwords and credit card details by disguising itself as a trustworthy entity in an electronic communication. These can be classified as follows;

Phishing (Email) - An email sent out to millions of people globally with no common link.

Spear Phishing (Email) - These attacks are more targeted because attackers research the users or organisation to make the email more believeable (holiday destinations, sports team, pets etc).

Whaling (Email) - Not technically a fish but this type of attack is aimed at the "big fish" in a organisation...CEO's, COO's, CFO's, CIO's.

Vishing (Voice) - Cold calls trying to gain information from you by phone.

Smishing or SMiShing (SMS) - These send links via text message (like emails) to gain personal information.

Search Engine (www) - These use keywords in searches to direct usets to fake websites.

What to look for?

  • Read the email and consider the tone, grammar and if it is something that they would request.
  • Do not click on any links or attachments within the email.
  • Do not reply to the email or contact the fraudulent senders in any way.
  • Look to see if the signature is consistent with other emails you have received in the past.

What to do?

If you think you have a phishing email, here are some steps on what to do:

  • Select the built-in Report Message button at the left of your screen (it is represented by a shield and an exclamation mark inserted in it)
  • Select Junk or Phishing in the drop-down list.

(If you are still working with a previous version of Microsoft Outlook with a simplified ribbon)

  • Select ‘More Commands’
  • Select ‘Protection section’
  • Select ‘Report Message’
  • Choose between ‘Junk’ or ‘Phishing’

*If you do not have either of the options above, you can forward the message to report-phishing@qmul.ac.uk

If you think you have responded to an phishing email, here are some steps to protect your details:

  • Change your password immediately for any accounts which you believe have been compromised - Self Service Password Reset Portal: https://aka.ms/sspr
  • Raise an incident with the ITS Service Desk
  • Run a full virus scan of the machine
Back to top